On 8-Sep-05, at 3:45 PM, Thomas Hallgren wrote:
Tom Lane wrote:
Actually, I've just been discussing this with Red Hat's gcj people in
connection with a different project. What they say is that the Java
security manager is completely implemented now, but what is still
missing is that it's possible to bypass Java security if you can
execute
untrusted bytecode. So if I understand correctly, a gcj
environment is
secure as long as you can prevent hacked-up class files from getting
into your classpath.
Pretty tough to do, since you can read classes in your classpath, and
modify the bytecode on the fly
There's even a library to do it for you.
That's great news for PL/Java (and for Java in general of course).
Did they mention a release date?
Regards,
Thomas Hallgren
---------------------------(end of
broadcast)---------------------------
TIP 4: Have you searched our list archives?
http://archives.postgresql.org
---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
